It can be done via Group Policy with appropiate Administrative Templates present. This HOWTO is for machines with no GPO central store [1]. You might use the classic templates (ADM) [2], or the new ones (ADMX). I recommend ADMX, not only because it is newer and not obsolete, but mainly because it allows you to browse All Settings
in the GPOs at once.
- Download the templates: go to https://www.microsoft.com/en-us/download and search for "Office 20xx Administrative Template files", where xx is your Office version installed.
- Extract the files to some temporary location (it is usually a self-extracting exe, or msi package). Here is how to extract files from msi [3].
- Copy all the ADMX files into
%systemroot%\PolicyDefinitions\
and included language files into %systemroot%\PolicyDefinitions\<appropiate_language_directory>
(probably en-US
)
- Set-up the GPOs:
- under User Configuration -> Administrative Templates -> Microsoft Office 20xx -> Security Settings -> enable the Disable VBA for Office applications.
- [optional] you might also want to enable the Disable All ActiveX option in the same branch.
- go to User Configuration -> Administrative Templates -> Microsoft 20xx -> Options -> Security -> Trust Center -> enable the VBA Macro Notification Settings as "Disable all without notification"
hint: Group Policy Editor is "gpedit.msc"
[1] https://support.microsoft.com/en-us/help/929841/how-to-create-the-central-store-for-group-policy-administrative-template-files-in-windows-vista
[2] https://superuser.com/a/1073064/440382
[3] How do I extract files from an MSI package?